-1

I'm new in Azure and DC/OS. I deployed a DC/OS cluster using the next document: https://learn.microsoft.com/en-us/azure/container-service/container-service-deployment. What should I do in case I want change SSH RSA public key which I used in deploying? I couldn't find a document with description such situation.

After deploying a DC/OS cluster I have a resource group which contains virtual machine with name like dcos-master-* . I can change public key for this virtual machine using azure web portal: resourcegroup->'dcos-master-* '->Reset password. But as I understand it's not enough. I see also that my resource group contains virtual machine scale sets like dcos-agent-private-* and dcos-agent-public-*. But I can't find how to reset passwords there.

Explain me please what should I do in such case?

Jason Ye
  • 13,710
  • 2
  • 16
  • 25
typik89
  • 907
  • 1
  • 10
  • 23

1 Answers1

1

What should I do in case I want change SSH RSA public key which I used in deploying?

Sorry, I have not find how to change the public key of VMSS, I will do some search, if I get anything new, I'll keep you updated.

As a workaround, we can add a new public key to VMSS, here is the script:

$vmssName = "dcos-agent-private-EAF6BCA8-vmss0"
$vmssResourceGroup = "dcos"
$vmss = Get-AzureRmVmss -ResourceGroupName $vmssResourceGroup -VMScaleSetName $vmssName
Add-AzureRmVmssSshPublicKey -VirtualMachineScaleSet $VMSS -KeyData "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAr1ftAx4QhtzAeqei9ukw32nrM8kmB6t2UVdBpuUjAeBAI3/cln/0vmekCt2OPJof5/mdaMTYoMleMsPxQWcm19fZviiMS0rkmLU9qwTeJf8+T8RWEUB75wRH5aDdrit1eYZ9bwJGL1LbkECKWoB02HZGLRH24Z5BLLXCkXjGI8LTLTTZobAnM4EC1QGMCsuMUl0mlhchaK0yQifx+GHOsbFuqe+E40akAzzh7tt+O4I/TjigrE4YHUJlmGNlY3grXFPE5oaszzb97/yyglt1cW2KucjAI4qm7ZTQ6wz5asW8IoN+jya4h2O4Au0ymNVgw1EQG1p8UJ2qByyxxJNMSw==" -Path "/home/admin/.ssh/authorized_keys"

Here is the result:

enter image description here

By the way, if you don't want user can use your original public key to login VMSS instance, we can login this instance and delete the original public key in authorized_key.

jason@dcos-agent-public-EAF6BCA8000001:~$ cd .ssh/
jason@dcos-agent-public-EAF6BCA8000001:~/.ssh$ ls
authorized_keys
jason@dcos-agent-public-EAF6BCA8000001:~/.ssh$ cat authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAr1ftAx4QhtzAeqei9ukw32nrM8kmB6t2UVdBpuUjAeBAI3/cln/0vmekCt2OPJof5/mdaMTYoMleMsPxQWcm19fZviiMS0rkmLU9qwTeJf8+T8RWEUB75wRH5aDdrit1eYZ9bwJGL1LbkECKWoB02HZGLRH24Z5BLLXCkXjGI8LTLTTZobAnM4EC1QGMCsuMUl0mlhchaK0yQifx+GHOsbFuqe+E40akAzzh7tt+O4I/TjigrE4YHUJlmGNlY3grXFPE5oaszzb97/yyglt1cW2KucjAI4qm7ZTQ6wz5asW8IoN+jya4h2O4Au0ymNVgw1EQG1p8UJ2qByyxxJNMSw==

Update:
we can use this command to list public key.

enter image description here enter image description here

Jason Ye
  • 13,710
  • 2
  • 16
  • 25
  • Please let me know if you would like further assistance. – Jason Ye Jun 07 '17 at 06:03
  • Hi, thank u for your detailed reply. I've done it. But I still can't connect to my agens from master node. May be I should do something more? – typik89 Jun 08 '17 at 16:40
  • @Andryusha2006 Can you find the public Key have added to this VMSS, we can use `Get-AzureRmVmss` to list it, and we can see two public keys in it. After that, we should copy our private key to master `~/.ssh/` and make sure the key permission is 600, about how to upload private to master node, here a similar case, please refer to it https://stackoverflow.com/questions/43638792/how-to-login-into-dc-os-slave-through-master/43647929#43647929 – Jason Ye Jun 09 '17 at 01:59
  • I don't understand how I can see it using Get-AzureRmVmss – typik89 Jun 09 '17 at 10:36
  • @Andryusha2006 please run this command to list public key `$a = get-azurermvmss -ResourceGroupName resourcename -VMScaleSetName vmssname $a.VirtualMachineProfile.OsProfile.LinuxConfiguration.Ssh.PublicKeys` – Jason Ye Jun 09 '17 at 14:36
  • @Andryusha2006 I have update my answer, please check it. – Jason Ye Jun 09 '17 at 14:41
  • I see my key in list. But still can't connect. I'm connecting using putty and and pageagent key list as in azure documentation to master node and I can't connect to my node: ssh 10.0.0.4 - Permission denied (publickkey). – typik89 Jun 09 '17 at 16:32
  • @Andryusha2006 you can follow this link to set private key in master node, https://stackoverflow.com/questions/43638792/how-to-login-into-dc-os-slave-through-master/43647929#43647929 please check it, – Jason Ye Jun 09 '17 at 18:13
  • Hi, Jason Ye - MSFT, Sorry, my test subscription is over now and I can't check it. May be I'll try it in future if my company decide to use this technologies. But I 'd suggest the azure team to work at this case and to add a description in details to documentation. I beleive that It's an important case. – typik89 Jun 19 '17 at 10:53
  • @Andryusha2006 Thank you for your suggestion:) it's very import to Azure. I had test in my lab, we can add public key to vmss, and use this key to login vm, maybe you can try it in future. Also if it helpful, please don't forget to accept it as answer, thanks. – Jason Ye Jun 19 '17 at 14:06